...
Code Block |
---|
[capaths] CIT.CORNELL.EDU = { CNF.CORNELL.EDU = . } GUEST.CORNELL.EDU = { CNF.CORNELL.EDU = . } CORNELL.EDU = { CIT.CORNELL.EDU = . CNF.CORNELL.EDU = CIT.CORNELL.EDU } |
Windows
- If you are upgrading from a 1.5.x or earlier version of OpenAFS, first remove any AFS drive mappings.
- d/l MIT Kerberos for Windows (32 or 64-bit, depending on your windows os install) 4.0.1 from http://web.mit.edu/kerberos/dist/index.html
- Do a Typical install
- d/l 1.7.x MSI client installer (for Managed installations) from http://www.openafs.org/windows.html
- If installing on 64-bit Windows, you will also need the 32-bit tools package. Install this doing a "Typical" install.
- Set your computer not to go to sleep unless installing 1.7.x
- run the openafs installer
- Select a Custom install
- Accept the defaults for which components to install unless...
- If installing 1.7.x, you will need to install the "Authentication" component -- not enabled by default in 1.7.x.
- Change the cell name from openafs.org to cnf.cornell.edu
- Accept defaults on the rest of the screens
- Don't yet reboot (when prompted by the installer)
- Run the attached .reg files to set OpenAFS registry settings
- Copy the attached krb5.ini to c:\ProgramData\MIT\Kerberos (on XP, instead use C:\Documents and Settings\All Users\Application Data) overwriting the krb5.ini file that may be already there
- NOTE: If your organization also uses Kerberos, you will instead want to merge in the CNF krb5.ini with your organization's krb5.ini .
- Your local tech support or CNF Computing support can help you with this.
- Firewall Configuration - Under Windows XP and newer, we recommend that you just use the built-in Windows firewall. For other firewalls: SYMANTEC - If the Symantec Client Firewall is installedIf you are using a firewall other than the built in Windows firewall, you will need to add a rule allowing all traffic to/from 10.254.254.253
- If, during the Symantec configuration process, you get a popup window about a script error, you have two choices:
- Reinstall Symantec - this MAY fix the problem
- Disable the Symantec firewall and enable the Windows firewall - consult CNF IT staff for help on doing this
- If you would prefer to continue using the Symantec Client firewall, follow the below to allow AFS to work:
- If, during the Symantec configuration process, you get a popup window about a script error, you have two choices:
- Open Symantec Client Firewall
- Client Firewall - Configure
- Advanced Tab
- General Button
- Add a rule
- Permit
- Connection to and from other computers
- Only the computers and sites listed below: Add 10.254.254.253
- TCP and UDP and All types of communication
- Don't log anything
- Name the rule AFS Loopback Rule
- Check All Locations
- Finish
- Find the rule in the list of General Rules (it will be at the bottom) and repeatedly click "Move Up" to get the rule to the top of the list
- open incoming UDP port 7001.
- NOW, REBOOT. After rebooting, your firewall may prompt you to allow the various afs applications access to the network. You should choose to Always Allow these.
- OPTIONAL, set up a drive mapping (must be done AFTER REBOOTING)
- Right click on My Network Places
- Map drive
- To follow the CNF convention, set the drive letter to X
- Set the path to \\afs\cnf.cornell.edu
- Choose to Reconnect the drives
- Done
...
- Install the Mountain Lion krb5.conf file to /private/etc/krb5.conf
- The /private/etc folder is hidden... to get to it from the Finder...
- From the "Go" menu choose "Go to Folder"
- Type in /private/etc
- You can now copy the krb5.conf file over... you will be prompted for administrator credentials
- Install the Mountain Lion edu.mit.Kerberos file to /Library/Preferences/edu.mit.Kerberos
- You may first have to delete any existing edu.mit.Kerberos file (Finder may not let you overwrite the existing file)
- The deletion operation will require typing in an administrative username and password
- Copying over the new file will require typing in an administrative username and password
- Download OpenAFS 1.6.5 or greater from the openafs.org website (10.7 / 10.8) OR Download 1.6.5.2 for Mavericks from this link (10.9)
- Run the OpenAFS package installer
- Specify cnf.cornell.edu as the cell name and cnf as the cell alias
- No reboot is necessary (unless you are running Mavericks, Mac OS 10.9) - AFS will start running when the installer finishes
- TO show the AFS icon on the Desktop...
- Finder - Preferences
- General tab
- Check "Connected Servers"
- Download the gui AFSTokens app for SnowLeopard (afstokens-64bit.zip) from https://forge.cornell.edu/sf/projects/afs_tokens
- File Releases tab
- The AFSTokens app is no longer maintained, but is still the best way to obtain AFS tokens.
- Obtaining tokens works under the latest version of Mac OS X Mavericks. However, deleting tokens crashes the app.
- Renewing existing tokens does not work. You must first delete any AFS tokens and Kerberos tickets by running the following two commands from a Terminal prompt commandline:
Code Block unlog kdestroy
- Viewing your AFS group membership works under the latest version of OS X Mavericks.